Motorola Solutions hosted a live webinar last week featuring two cybersecurity experts who called out ransomware as “an epidemic” in public safety. The webinar, part of Motorola Solutions 2021 series on Cybersecurity for Mission-Critical Technology, featured Dr. Pranshu Bajpai, Security Architect, Motorola Solutions and Zack Mahon, Motorola Solutions Cybersecurity Services.
In the webinar, “A Holistic Defense Against Ransomware in Public Safety,” Bajpai and Mahon talked about the overall cybersecurity threat landscape, focusing on ransomware as the biggest threat to organizations such as police and fire departments, municipalities, state agencies and public safety answering points (PSAPs).
Those at the highest risk are usually in densely populated areas, Mahon explained. Attackers are “targeting municipalities, police environments and systems that are considered to be locked down”, he said. While public safety agencies usually place a big emphasis on physical security, more attention needs to be paid to “unseen” cybersecurity threats, such as ransomware.
Cyber criminals are targeting public safety systems, especially inside of land-mobile-radio (LMR), PSAP and IT environments, Bajpai said. The Motorola Solutions threat intelligence team has found that ransomware is the most common threat, driven by increasing ransom payouts in the order of millions of dollars and the associated rising profit margins for the attackers. “Ransomware is a highly profitable business model for adversaries,” he said.
Mahon called the upward trend “alarming,” noting that about half of the organizations and agencies that get attacked end up paying the ransom. “That’s fuel on the fire for the business model for these ransomware attacks when organizations wind up paying the adversaries for the release of their systems.”
After sharing some statistics and observations about the ransomware trend, Bajpai and Mahon moved into a step-by-step review of the ransomware process, with Bajpai playing the role of the attacker and Mahon representing the IT leader of the agency under attack.
With his “attacker” hat on, Bajpai said the first thing a malicious hacker does is look for the easiest way to get into a network. Once they’re in, they evaluate the value of existing assets, then look for opportunities for lateral movement, all while moving quietly so as not to attract unnecessary attention as they discover systems of value and move closer to the inner layer.
Thinking like an attacker, Bajpai said a prime target is getting into 9-1-1 call handling centers through lateral movement by initially compromising their traditional IT networks or endpoint devices. “For example, if I can move into those networks, they’re likely to hold a higher value for the victim and increase my leverage to allow me to extract more ransom. So that would be my ultimate target.”
So, when it comes to public safety, how can agencies best protect themselves from ransomware attacks? Mahon said one of the first things they can do is to “understand what’s in the environment and gain visibility into all the entry points attackers can use to compromise your systems.”
In the webinar, Mahon and Bajpai talked through the additional phases of a ransomware attack from their attacker/ defender perspectives, as well as how to understand the different phases of ransomware attacks and the benefits of taking a holistic approach to cybersecurity to prevent and mitigate damages. View the on-demand webinar to hear more.
